Belgian Data Protection Authority Imposes Fines on Non-Profit Organization

In a decision issued on May 29, 2020, the Belgian data protection authority (DPA) turned its attention to the practices of non-profit organizations when it imposed a fine for violations of the EU’s General Data Protection Regulation (GDPR).  The DPA’s decision responded to an individual who complained that he continued to receive promotional materials from the organization after he had objected to the processing of his contact details for direct marketing. He had also requested that the organization delete his data from its database. The DPA stated that under the GDPR, unsolicited postal communications sent by non-profit organizations to promote their services and to fundraise qualify as “direct…


Poland Imposes Fines for Web-Scraping of Personal Data When Notification to Individuals Did Not Occur

Poland’s data protection agency issued its first fine under the EU’s General Data Protection Regulation (GDPR), imposing a 220,000 euro fine to Bisnode, a European digital marketing company headquartered in Sweden. The Poland Personal Data Protection Office (UODO) determined that the company had failed to inform individuals that it was processing their data after scraping that data from websites. Notification is required under Article 14. In addition to the fine, UODO required Bisnode to contact the nearly six million people it had not already contacted as required by the GDPR and gave the company three months to comply with the order. Article 14 obligates data controllers to inform…


Framework for GDPR Fines Published by the Dutch Authorities

The Dutch Data Protection Authority (AP) has announced a new policy for determining the fines to be imposed for violations of the General Data Protection Regulation (GDPR) and its national implementing act. The AP’s assessment will first take into account the maximum amounts specified by the European Regulation: either 10 million euros or 2% of the annual worldwide turnover, or 20 million euros or 4% of the annual worldwide turnover, depending on the violation incurred. Violations that are subject to fines are divided into three or four categories designed by the data protection authority to take into account the weight of the breached requirements, with each assigned a…


EU-U.S. Privacy Shield Review Report Outlines Steps To Improve Enforcement and Monitor Compliance

The Privacy Shield – a mechanism by which U.S. companies can legally transfer data to the European Union, continues to draw the attention of regulators and policymakers. On December 19, 2018, the European Commission (the Commission) announced the publication of its report on the second annual review of the EU-U.S. Privacy Shield. The report offers companies insight into what aspects of the Privacy Shield officials find most important and what steps are planned to strengthen enforcement and oversee compliance. Background The EU-U.S. Privacy Shield is a framework for transatlantic exchanges of personal data for commercial purposes between the European Union and the United States. Companies must self-certify that they meet the requirements of…

  • 1
  • 2